Vendors would prefer to improve the shopping experience for consumers by making purchase transactions more secure, without forcing consumers to swipe their credit cards and provide identification to verify their identities. Also, fraud and identity theft have become pervasive problems.
Traditional world wide web electronic transactions involve the keying of an end-user's name and credit/debit card number with some associated auxiliary security verification information (ASVI) (e.g., the card verification value (CVV) number, user address, billing zip code, year of birth of the user, etc.) into a vendor's webpage for billing. The vendor passes this information to the transaction handler (or payment gateway), who verifies the authenticity of the provided information and conveys the result to the vendor. The vendor then completes the transaction by billing the user.
While the ASVI information is supposed to be known only to the end-user, practical constraints force the user to have a fixed set of this information. This information could be knowingly or inadvertently stored at many points in the network by some vendors with whom the user has transacted in the past. In addition, ASVI information is stored by the transaction handler (or payment gateway). This data is, therefore, more vulnerable to theft and compromise. The identity of the user can be impersonated by anyone in possession of the ASVI information in addition to the credit/debit card information.